Comment 32 for bug 1662552

Markus Kuhn (markus-kuhn) wrote :

The real bug here is that AppArmor should restrict NFS access only via the file-path rules, and not via the network rules, since if an application accesses a file via NFS, all related network traffic is initiated and controlled by the kernel (or by kernel helper processes like automount, rpc.gssd and nfsidmap), and not by the application. NFS access really needs to be fixed in AppArmor and anything else is just a temporary workaround. Until then, AppArmor is too blunt a tool for restricting network access.

See also bug #1784499 (AppArmor prevents /usr/bin/man from reading NFS-mounted man pages)